Apple Knew of iCloud Flaw Six Months Before “Celebgate”

Share & comment

Apple Knew of iCloud Flaw Six Months Before “Celebgate”

Share & comment

Apple was informed about a weakness found in iCloud’s security six months before the “celebgate” (nude images captured from Hollywood celebrity’s iCloud accounts) kicked off, according to the Daily Dot. The newspaper points to emails exchanged between Apple and independent security researcher Ibrahim Balic, to back up its claim.

As it turns out, Balic notified Apple back in March that he had successfully bypassed a security feature meant to protect users from “brute force” attacks – methods used by hackers to crack passwords by trying endless key combinations until they get a match. This kind of attack is blocked by limiting the number of attempts a user can make to log in.

Balic was able to try over 20,000 password combinations, so he recommended the above method to Apple: to limit the number failed attempts.

Fast forward a couple months: In May, Apple contacted Balic confirming the validity of the exploit, and asked for more information.

The rest is history: While the Daily Dot is unsure if the hackers originating the “celebgate” used the same vulnerability Balic shared with Apple, the exploit Balic reported and the one used by the hackers bear a “stark resemblance” to each other, the security experts reviewing Balic’s documents told the newspaper.